Use of mobile communication devices is very widespread and security of information stored on or accessed by a mobile communication device is an important issue.
Many mobile communication devices include secure elements, for example in the form of a hardware security module, built into the mobile communication device or attachable to the mobile communication device, such as via the subscriber identity module (SIM) card. The secure element may store secure details such as payment card details and may control the security and access to the payment card details, for example, for use with Near Field Communication (NFC) payment implementations.
Mobile communication devices may communicate with a remote server in carrying out secure transactions instead of using a device-based secure element. An example of this is host card emulation (HCE) where, instead of the mobile communication device using a secure element on the mobile device to store payment card details, the payment card details are stored in a cloud-based secure server. An application on the mobile communication device then makes a request to the cloud-based secure server for card details to be presented to a point of sale device.
In order to avoid hacking of the payment process, the mobile communication device must identify itself securely to the cloud-based secure server to ensure that the request for payment card details is valid. In order to not negatively impact the user experience, this is aimed to be done without user input.
Device fingerprinting technology is a known method of identifying a mobile communication device to a remote server. Active fingerprinting uses the installation of executable code directly on a device which has access to identifiers assigned to the device hardware, such as the International Mobile Station Equipment Identity (IMEI) or the media access control (MAC) address. The executable code uses an algorithm, with inputs of an identifier to generate the fingerprint. The remote server knows how the fingerprint is generated by the device and can therefore identify the device.
Fingerprinting technology may result in breaches of security as a hacker may be able to obtain the executable code and reverse engineer it and may try to access a remote server storing card credentials by imitating the mobile communication device.
There is a need in the art to address the aforementioned and other problems.
The preceding discussion of the background to the invention is intended only to facilitate an understanding of the present invention. It should be appreciated that the discussion is not an acknowledgment or admission that any of the material referred to was part of the common general knowledge in the art as at the priority date of the application.